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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application 
is eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 
CFR 1.17(e) has been timely paid, the finality of the previous Office action has been 
withdrawn pursuant to 37 CFR 1.1 14. Applicant's submission filed on 07/27/2009 has 
been entered. 

2. As per instant Amendment, Claims 1-12 were canceled; Claim 13 is independent claims. 
Claims 13-15 have been examined and are pending. This Action is made Non-FINAL. 



Response to Arguments 

3. AppHcants' arguments in the instant Amendment, filed on 06/30/2009, have been fully 
considered but they are not persuasive. 

Applicants' arguments: 

a. Kenichi fails to disclose "issuing N'^ CA information that includes an N'^ CA 
certificate indicating that the Nth server certificate is valid and includes an 
(N+1)'^ address indicating a location of the (N+ 1)"' download server on the 

communication network (pars. 0010- 0014, and 0017-0220; Fig. 4; certification 
authority address information 402; when the renewal program 102 of a certificate 
is started, according to the certificate authority address information 402 of the 
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certificate 101, it will take connection 505 for the certificate authority 105 via a 
network); 

b. Kenichi fails to disclose "the CA certificates identifies the address of the 

download server that outputs (N+1)*^ CA information to the client apparatus. " 

The Examiner disagrees due to the following reasons: 

a. Kenichi does disclose issuing N"" CA information that includes an N'^ CA 
certificate indicating that the Nth server certificate is valid and includes an 
(N+l)**" address indicating a location of the (N+ l)**" download server on the 

communication network (pars. 0010- 0014, and 0017-0220; Fig. 4; certification 
authority address information 402; when the renewal program 102 of a certificate 
is started, according to the certificate authority address information 402 of the 
certificate 101, it will take connection 505 for the certificate authority 105 via a 
network); 

b. Kenichi does disclose the CA certificates identifies the address of the download 
server that outputs (N+l)"' CA information to the client apparatus (pars. 0010- 
0014, and 0017-0220; Fig. 4; certificate 101 includes certification authority 
address information 402 which allows renewal program 102 to establish 
connection 505 for the certificate authority 105). 
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Claim Rejections - 35 USC § 112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall cone hide with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 13-15 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

• Regarding claim 13, claim 13 recites the limitation "terminatine the operation 
of the (N+l)"' download server after the validity period of the CA certificate expires . " 

This contradicts to discussions in paragraphs [0107]-[01 1 1] and Figure 6. This also 
contradicts to limitation "the (N+1)"' download server taking place before a validity 
period of the CA certificate expires. " claimed in claim 13, and to limitations claimed in 
claim 14; (emphasis added). It is believed that this is a typo; For the purpose of applying 
art, the Examiner interprets the aforementioned limitation to mean " terminatins the 
operation of the n"' download server after the validity period of the CA certificate 
expires; " (emphasis added). 

• Regarding claim 14, claim 14 is dependent on claim 13, and therefore inherits 
the 35 U.S.C 1 12, second paragraph issues of the independent claim. 

• Regarding claim 15, claim 15 recites the limitation "terminatins the operation 
of the ]\"' authentication apparatus and the operation of the (N+l)"' download server 
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when the validity period of the CA certificate expires . " Similarly to discussions 
addressed above; this contradicts to discussions in paragraphs [0107]-[01 1 1] and Figure 6. 
For the purpose of applying art, the Examiner interprets the aforementioned limitation to 
mean 'terminating the operation of the (N+lf' authentication apparatus and the 
operation of the (N+l)"' download server when the validity period of the CN+l)"' CA 
certificate expires . " 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art arc such that ilic subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinaiy skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. This application currently names joint inventors. In considering patentability of the claims 
under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various 
claims was commonly owned at the time any inventions covered therein were made absent 
any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to 
point out the inventor and invention dates of each claim that was not commonly owned at 
the time a later invention was made in order for the examiner to consider the applicability 
of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 
103(a). 
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8. Claims 13-15 are rejected under 35 U.S.C. 103(a) as being unpatentable over Kenichi et 
al., (hereinafter "Kenichi"), J.P. Patent Publication No. JP 2002-215826 published on 
August 02, 2002, in view of Perlman et al., (hereinafter "Perlman"), U.S. Patent No. 
6,230,266 issued on May 08, 2001. 

• Regarding claim 13, Kenichi discloses a method of operating a communication 

system comprising (i) an N*^ authentication apparatus, (ii) an (N+ l)"" authentication 
apparatus, and an (N+ 1)*^ download server, each being connected over a communication 
network, wherein N and (N+1) are values each indicating a number in a sequence in a case 
where a plurality of authentication apparatuses and a plurality of corresponding download 
servers are sequentially put into operation, N being an integer of 1 or larger (pars. 0007 
and 0019-0020; Fig. 8; certificate authority A 801, certificate authority B 803, and 
computer 100), 

wherein the N**" authentication apparatus (Fig. 8, certificate authority A 801) 

includes: 

an Nth server certificate issue unit operable to issue an Nth server 
certificate ensmng validity of an apphcation server (pars. 0019-0023; certificate 804); and 

an Nth certificate authority (CA) information issue unit operable to issue 
Nth CA information including an Nth CA certificate and an (N+l)**" address for update, the 
Nth CA certificate indicating that the Nth server certificate is valid, and the (N+1)* address 
for update indicating a location of the (N+ 1)**" download server on the communication 
network (pars. 0007, 0011-0012, and 0014-0020; Figs. 4-9; certification authority address 
information 402), 



Application/Control Number: 10/511 ,903 Page 7 

Art Unit: 2437 

wherein the (N+ 1)* authentication apparatus (Fig. 8; certificate authority B 
803) includes: 

an (N+I)th server certificate issue unit operable to issue an (N+I)*'' server 
certificate ensuring the validity of the application server (Fig. 8; certificate authority B 
803); and 

an (N+ 1)* CA information issue unit operable to issue (N+ 1)'^ CA 
information including an (N+l)th CA certificate and an (N+2)th address for update, the 
(N+1)*^ CA certificate indicating that the (N+1)*^ server certificate is valid, the 
address for update indicating a location, on the communication network, of an 
download server on which (N+2)"' CA information is placed, and the (N+2)'*' CA 
information including an (N+2)*'' CA certificate to be a next valid CA certificate in a case 
where the (N+1)*^ CA certificate is becomes revoked (pars. 0007, 0011-0012, and 0014- 
0020; Figs. 4-9; certification authority address information 402; when the renewal 
program 102 of a certificate is started, according to the certificate authority address 
information 402 of the certificate 101, it will take connection 505 for the certificate 
authority 105 via a network), 

wherein the (N+ l)**" download server (Fig. 8; computer 100) includes: 
a CA information storage unit operable to store the (N+ 1)* CA 
information including the (N+l)**" CA certificate to be a next valid CA certificate in a case 
where the Nth CA certificate becomes is revoked (pars. 0007, 0011-0012, and 0014-0020; 
Fig. 8; certificates 804 and 805 issued by CA 801 and CA 803 respectively are stored in 
hard disk of the computer 100); and 
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an output unit operable to output, to a communication apparatus, the 
C A information stored in the CA information storage unit, the communication 
apparatus being connected to the (N+ l)**" download server via the communication network, 
the communication apparatus being a client apparatus that receives a service from the 
application server after the validity of the application server is verified (pars. 0007, 0011- 
0012, and 0014-0020; Fig. 8), and 

wherein said method comprises: 

starting up the N**" authentication apparatus to place the N**" authentication 
apparatus in operation to issue the Nth server certificate (pars. 0007, 0010-0014 and 0017- 
0020; Figs. 4-9); 

issuing, via the N**" CA information issue unit of the Nth authentication 
apparatus, the N**" CA information including (i) the N**" CA certificate indicating that the 
Nth server certificate is valid and (ii) the (N+ l)**" address for update indicating the location 
of the (N+ 1)* download server on the communication network (pars. 0010- 0014, and 
001 7-0220; Fig. 4; certification authority address information 402; when the renewal 
program 102 of a certificate is started, according to the certificate authority address 
information 402 of the certificate 101, it will take connection 505 for the certificate 
authority 105 via a network); 

the (N+iy^ download server outputs the (N+l)'*' CA information stored in 
the CA information storage unit to the communication apparatus that is the client apparatus 
that receives the service from the application server after the validity of the application 
server is verified (pars. 0010- 0014, and 0017-0220; Fig. 4; certification authority address 
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information 402; when the renewal program 102 of a certificate is started, according to the 
certificate authority address information 402 of the certificate 101, it will take connection 
505 for the certificate authority 105 via a network); 

Kenichi does not explicitly disclose after said starting up of the operation of the 
N**" authentication apparatus, starting up the (N+l)**" authentication apparatus and the 
download server to place the (N+1)* authentication apparatus and the (N+l)'^ 
download server into operation, said starting up of the (N+l)*^ authentication apparatus and 
the (H+Vf download server taking place before a validity period of the Nth CA certificate 
expires; and terminating the operation of the (N+l)**" download server after the validity 
period of the N**" CA certificate expires. 

However, in an analogous art, Perlman discloses an authentication system, 
wherein after said starting up of the operation of the N* authentication apparatus, starting 
up the (N+1)^ authentication apparatus and the (N+l)**" download server to place the 
(N+l)*** authentication apparatus and the (N+l)**" download server into operation, said 
starting up of the (N+l)**" authentication apparatus and the (N+l)**" download server taking 
place before a validity period of the Nth CA certificate expires (Perlman: col. 3; lines 35- 
53; col. 7, lines 46-67 to col. 8, lines 1-24; begin using a new CA and OLRS, each of which 
have new respective private/public key pairs that are different from those used by the CA 
and OLRS that are no longer being used); and 

terminating the operation of the (N+1)*'' download server after the validity period 
of the N* CA certificate expires (Perlman: col. 3, lines 35-53; col. 7, lines 46-67 to col. 8, 
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lines 1-24; if the CA is treated as if it has been compromised, in order to re-establish 
authentication system security it becomes necessary to (1) discontinue use of the current 
CA and OLRS, (2) begin using a new CA and OLRS, each of which have new respective 
private/public key pairs that are different from those used by the CA and OLRS that are no 
longer being used). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teaching of Perlman with the method and 
system of Kenichi to include steps of after said starting up of the operation of the N*^ 
authentication apparatus, starting up the (N+l)**" authentication apparatus and the (N+l)*** 
download server to place the (N+1)* authentication apparatus and the (N+l)*** download 
server into operation, said starting up of the (N+l)"" authentication apparatus and the 
(N+l)"^ download server taking place before a validity period of the Nth CA certificate 
expires; and terminating the operation of the (N+l)**" download server after the validity 
period of the N**" CA certificate expires to provide user with an authentication method that 
able to re-establish authentication system security after compromise of security information 
(Perlman: col. 1, lines 5-10). 

• Regarding claim 14, Kenichi and Perlman disclose the method according to 
Claim 13. 

Perlman fiirther discloses in said starting up of the (N+1)* download server, the 
(N+l)*** authentication apparatus and the (N+1)* download server are put in operation, 
when the N*** CA certificate is revoked (Perlman: col. 3; lines 35-53; col. 7, lines 46-67 to 
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col. 8, lines 1-24; begin using a new CA and OLRS, each of which have new respective 
private/public key pairs that are different from those used by the CA and OLRS that are no 
longer being used). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teaching of Perlman with the method and 
system of Kenichi to include steps of in said starting up of the (N+1 )* download server, the 
(N+1)* authentication apparatus and the (N+1)'^ download server are put in operation, 
when the N**" CA certificate is revoked to provide user with an authentication method that 
able to re-establish authentication system security after compromise of security information 
(Perlman: col. 1, lines 5-10).. 

• Regarding claim 15, Kenichi and Perlman disclose the method according to 
Claim 13. 

Perlman further discloses terminating the operation of the Nth authentication 
apparatus and the operation of the (N+1)"' download server when the validity period of the 
Nth CA certificate expires (Perlman: col. 3, lines 35-53; col. 7, lines 46-67 to col. 8, lines 
1-24; if the CA is treated as if it has been compromised, in order to re-establish 

authentication system security it becomes necessary to (1) discontinue use of the current 
CA and OLRS, (2) begin using a new CA and OLRS, each of which have new respective 
private/public key pairs that are different from those used by the CA and OLRS that are no 
longer being used). 
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Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teaching of Perlman with the method and 
system of Kenichi to include steps of terminating the operation of the Nth authentication 
apparatus and the operation of the (N+l)**" download server when the validity period of the 

Nth CA certificate expires to provide user with an authentication method that able to re- 
establish authentication system security after compromise of security information 
(Perlman: col. 1, lines 5-10). 



Conclusion 

9. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Luu Pham whose telephone number is 571-270-5002. The examiner 
can normally be reached on Monday through Friday, 7:30 AM - 5:00 PM (EST). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel L. Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this apphcation or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status information 
for unpublished applications is available through Private PAIR only. For more information 
about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 
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access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866- 
217-9197 (toll-free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786-9199 (IN USA 
OR CANADA) or 571-272-1000. 

/Luu Pham/ 

Examiner, Art Unit 2437 
/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



